cluster/simulacrum/nowhere: make optional

2024-08-13 21:24:13 +02:00 · 2024-08-13 21:24:13 +02:00 · c0d21f6b86
commit c0d21f6b86
parent d784ee0a86
2 changed files with 38 additions and 35 deletions
--- a/cluster/simulacrum/nowhere/default.nix
+++ b/cluster/simulacrum/nowhere/default.nix
@ -58,44 +58,46 @@ in
  imports = [
    ./options.nix
  ];
-  defaults = {
-    networking.hosts."${getNodeAddr "nowhere"}" = lib.attrNames config.nowhere.names;
-    security.pki.certificateFiles = [
-      "${ca}/ca.pem"
-    ];
-  };
-
-  nowhere.certs = {
-    inherit ca;
-    intermediate = genCert [ "--config=${cfsslConfigIntermediateCA}" "--profile=intermediate" ] {
-      CN = "Simulacrum Intermediate CA";
+  config = lib.mkIf config.nowhere.enable {
+    defaults = {
+      networking.hosts."${getNodeAddr "nowhere"}" = lib.attrNames config.nowhere.names;
+      security.pki.certificateFiles = [
+        "${ca}/ca.pem"
+      ];
    };
-  };

-  nodes.nowhere = { config, depot, ... }: {
-    networking = {
-      firewall.allowedTCPPorts = [ 443 ];
-      interfaces.eth1.ipv4.routes = lib.mapAttrsToList (name: hour: {
-        address = hour.interfaces.primary.addrPublic;
-        prefixLength = 32;
-        via = getNodeAddr name;
-      }) depot.gods.fromLight;
-      nameservers = map (name: depot.hours.${name}.interfaces.primary.addrPublic) cluster.config.services.dns.nodes.authoritative;
+    nowhere.certs = {
+      inherit ca;
+      intermediate = genCert [ "--config=${cfsslConfigIntermediateCA}" "--profile=intermediate" ] {
+        CN = "Simulacrum Intermediate CA";
+      };
    };
-    services.nginx = {
-      enable = true;
-      recommendedProxySettings = true;
-      virtualHosts = lib.mapAttrs (name: link: let
-        cert = genHostCert name;
-      in {
-        forceSSL = true;
-        sslCertificate = "${cert}/cert.pem";
-        sslCertificateKey = "${cert}/cert-key.pem";
-        locations."/" = {
-          proxyPass = config.links.${link}.url;
-          extraConfig = "proxy_ssl_verify off;";
-        };
-      }) lift.nowhere.names;
+
+    nodes.nowhere = { config, depot, ... }: {
+      networking = {
+        firewall.allowedTCPPorts = [ 443 ];
+        interfaces.eth1.ipv4.routes = lib.mapAttrsToList (name: hour: {
+          address = hour.interfaces.primary.addrPublic;
+          prefixLength = 32;
+          via = getNodeAddr name;
+        }) depot.gods.fromLight;
+        nameservers = map (name: depot.hours.${name}.interfaces.primary.addrPublic) cluster.config.services.dns.nodes.authoritative;
+      };
+      services.nginx = {
+        enable = true;
+        recommendedProxySettings = true;
+        virtualHosts = lib.mapAttrs (name: link: let
+          cert = genHostCert name;
+        in {
+          forceSSL = true;
+          sslCertificate = "${cert}/cert.pem";
+          sslCertificateKey = "${cert}/cert-key.pem";
+          locations."/" = {
+            proxyPass = config.links.${link}.url;
+            extraConfig = "proxy_ssl_verify off;";
+          };
+        }) lift.nowhere.names;
+      };
    };
  };
 }
--- a/cluster/simulacrum/nowhere/options.nix
+++ b/cluster/simulacrum/nowhere/options.nix
@ -2,6 +2,7 @@

 {
  options.nowhere = {
+    enable = lib.mkEnableOption "Nowhere";
    names = lib.mkOption {
      description = "Hostnames that point Nowhere.";
      type = with lib.types; attrsOf str;